A single indirect prompt injection from imported data triggers exfiltration of multiple Google Sheets workbooks and phishing overlays even when 'Apply edits automatically' is disabled, per the PromptArmor disclosure at https://www.promptarmor.com/resources/gpt-for-google-sheets-data-exfiltration. OpenAI's documentation at https://platform.openai.com/docs/guides/safety-best-practices describes only functional limits and omits script execution permissions granted to the model. The attack chain begins when untrusted sheet content manipulates the extension to load attacker scripts that read workbook URLs and transmit contents without further user approval.